Corporate Sustainability
Due Diligence Directive compliance

The annex of the Directive specifies what is meant by adverse impacts on human rights and the environment in the corporate context. Impacts are drawn from internationally recognised human rights and environmental frameworks and instruments, including UNGPs and ILO conventions.

Adverse human rights impacts include adverse impacts on the right to life, liberty and security as well as the right to fair and favourable working conditions, fair wages and freedom of association. Impacts also cover issues such as child labour and forced labour, as well as adverse impacts on the ecosystem that restrict human rights and rights to lands and resources.

Adverse environmental impacts include tangible environmental degradation such as waste handling and disposal, marine and land pollution, biodiversity and the use and management of chemicals.

Adverse environmental impacts refer to tangible environmental degradation such as waste handling and disposal, marine and land pollution, biodiversity and the use and management of chemicals.

Under the CSDDD, it will be mandatory for large companies with operations in the EU, who meet the threshold requirements, to carry out human rights and environmental risk-based due diligence in their own operations, in those of their subsidiaries and in the operations of their ‘chain of activities’.

For the purposes of the CSDDD, the chain of activities is defined as: –

• all upstream activities related to the production of goods or the provision of services and,

• any downstream activities associated with the distribution, transport and storage of products.

There are eight specific requirements in the directive, which must be met if businesses are to ensure that they are fully compliant. Companies must therefore: –

1. Integrate due diligence into corporate policies and risk management systems
2. Identify and assess actual or potential adverse human rights and environmental impacts
3. Prevent and mitigate potential impacts; stop and remedy actual impacts
4. Carry out meaningful stakeholder engagement
5. Establish and maintain a notification mechanism and compliance procedure
6. Monitor the effectiveness of due diligence policies and measures
7. Communicate publicly on their due diligence
8. Put into effect a climate action transition plan

1. Monitor the effectiveness of due diligence policies and measures  
2. Communicate publicly on their due diligence  
3. Put into effect a climate action transition plan  

It is estimated that some 6,000 large corporations will be in scope, including both EU-based and non-EU based businesses, but with different thresholds for each. These have been determined for the first wave of companies in scope as follows: -  

• EU companies will be in scope if they have more than 1,000 employees and a net worldwide turnover in the last financial year of more than €450 million  

• Non-EU companies will be in scope if they have a turnover in the last financial year of more than €450 million in the EU, irrespective of the number of employees.  

Companies need to be aware that if they do not meet these criteria, they will still be in scope if the parent company meets these thresholds. In addition, both EU and non-EU companies will be in scope if the company or parent company has franchising or licensing agreements in the EU for annual royalties that exceed €22.5 million, and the company has a worldwide turnover in excess of €80 million.   

The CSDDD was published in the official EU Journal on 25 July 2024. Member states now have two years to transpose the directive into national law.  

There will be a phased approach to compliance. The phased approach places organisations into three categories and is driven by size and turnover, with the largest organisations having to comply the soonest.  

Compliance by 25 July 2027: EU companies with a worldwide turnover of more than €1500 million and more than 5,000 employees PLUS non-EU companies with a turnover in the EU of more than €1500 million  

Compliance by 25 July 2028: EU companies with a worldwide turnover of more than €900 million and more than 3,000 employees PLUS non-EU companies with a turnover in the EU of more than €900 million

Compliance by 2029: EU companies with a worldwide turnover of more than €450 million and more than 1,000 employees PLUS non-EU companies with a turnover in the EU of more than €450 million  

Each member state will be required to designate a supervisory authority to oversee compliance with the CSDDD’s obligations, with powers to enforce both the due diligence obligations and climate related duties of the directive. Supervisory authorities will also be able to mandate companies to provide information regarding their due diligence processes and transition plans and carry out compliance investigations in those companies where there are concerns.

Where a failure to comply occurs, the supervisory authority can exert a number of powers including orders to:

• Cease the infringement,

• Abstain from any repetition, and

• Provide appropriate remediation.

There will also be the possibility of stringent penalties, with the directive requiring member states to ensure that these are effective, proportionate and dissuasive.

Supervisory authorities will therefore have the power to: –

• Issue fines of a maximum of no less than 5% of global turnover

• Name and shame, with infringements of the new legislation made publicly available for at least five years.

In addition, the directive also introduces a civil liability regime, enabling those who are affected by human rights and environmental violations to bring about civil proceedings and seek compensation. Companies may be held liable for the damages they cause, either independently or jointly with third parties. As a result of this provision, we could see an increase in the number of claims for human rights and environmental violations, with resulting reputational damage for those organisations facing litigation in court for actual or even potential harm

Although compliance may seem some way away, the obligations of the CSDDD will require substantive change for many organisations. A significant number of the companies we work with are already starting to consider whether the systems and processes that they have in place are fit for purpose or whether they need to build and embed new systems and processes to comply with the directive.

From the start, it will be important to identify the individuals and departments responsible for developing and managing the organisation’s due diligence processes and strategies. Best practice is also to ensure that top management and the Board also have oversight of human rights and environmental matters, and regularly review and challenge the company’s performance in this regard. Companies will need to make sure they have enough resources and expertise to ensure compliance.

To respond adequately to the eight key requirements of the directive, companies will need to: –

1. Integrate human rights and environmental due diligence into corporate policies
2. Identify actual and potential adverse human rights and environmental impacts
3. Prevent or mitigate potential adverse impacts, mitigate and stop actual adverse impacts
4. Carry out meaningful stakeholder engagement
5. Establish and maintain a notification mechanism and a complaints procedure
6. Monitor the effectiveness of due diligence policies and measures
7. Communicate publicly on CSDDD due diligence undertaken
8. Implement a climate transition plan

Human rights and environmental due diligence, as set out in the CSDDD, takes a different approach from what is traditionally understood by corporate due diligence. Using the definition of due diligence in the OECD guidelines for Responsible Business Conduct, the directive imposes a series of specific obligations. This includes not just identifying actual and potential problems, but also developing appropriate measures to address, prevent, mitigate and remediate any adverse impacts found.

As such, an on-going process is required that must be integrated into broader enterprise risk-management systems in the same way that other regulatory measures such anti-corruption, health and safety and fraud prevention measures have been incorporated.

There are four key elements that distinguish the due diligence requirements of the directive from what is routinely understood by due diligence.

1. In-scope companies are required to look to the future as well as the past, identifying potential as well as actual adverse impacts
2. Companies must engage meaningfully with affected stakeholders. This means consulting with workers, management, community groups, worker representatives and civil society organisations to gain an accurate assessment of the impacts and how they can be prevented and remedied.
3. The due diligence must focus primarily on the adverse impacts on people and planet, rather than the negative impacts to the business.
4. The directive imposes a duty not just to identify the adverse impacts but to fix them, with significant penalties for any failure to do so.

For more information read our blog on key steps for conducting CSDDD due diligence

In essence, the CSRD focuses on reporting while the CSDDD focuses on taking action.

Under the CSRD, in scope companies are required to disclose specified sustainability information. This will mean reporting on ESG-related risks and impacts as set out in the European Sustainability Reporting Standards (ESRS). This includes making quantitative and qualitative disclosures about a broad range of sustainability topics, including information on governance, strategy, and risk management measures. Performance metrics are expected to be included.

The overall aim of the CSRD is to make sustainability reporting more consistent, comparable and reliable across the EU. This will facilitate comparison for third parties such as investors who wish to analyse and compare ESG performance.

The CSDDD on the other hand, requires in-scope companies to carry out risk-based human rights and environmental due diligence in their own operations, in those of their subsidiaries and in their ‘chain of activities’. Such due diligence is expected to be incorporated into polices and risk management systems in order to identify, assess and resolve any adverse human rights and environmental impacts that are caused by the business.

The CSDDD spells out specific due diligence and climate transition requirements that in-scope companies must fulfil to comply with this new piece of legislation. An estimated 5,500 large corporations are thought to be in-scope, but due to the nature of the legislation many smaller and medium-sized enterprises could find themselves affected if they form part of the chain of activities of the larger in-scope organisations.

To a large extent, preparation for the CSRD and CSDDD is compatible. Complying with the requirements of the CSDDD will help companies meet their reporting obligations under the CSRD. Similarly, the process of identifying impacts on people and planet, as set out in the CSRD, should inform the development of a risk-based due diligence strategy to meet CSDDD requirements.

For further information on the relationship between the CSDDD and the CSRD, read our blog here.